for "Novell 802.3" frames, which are 802.3 frames (i.e., the type/length
field is a length field, i.e. it's <= ETHERMTU) with 0xFFFF as the first
2 bytes. We don't yet check for ETHERTYPE_IPX as well.
When checking for OSI packets on Linux cooked captures, check for 802.2
frames by testing the packet type for LINUX_SLL_P_802_2 rather than by
checking whether the type field is <= ETHERMTU (it's always a type field
in DLT_LINUX_SLL captures).
Ring, and RFC 1483-style ATM, as well as on Ethernet.
Support checking for LLC SAP protocols other than OSI protocols on
Ethernet - for now, we check only the DSAP on those, rather than
checking both the DSAP and SSAP as we do for OSI, as I think, in some
cases, the SSAP isn't the same as the DSAP.
When generating protocol type checks on link-layer types with no type
field, where packets are always IP (SLIP, BSD/OS SLIP, raw IP), generate
a "test" that always succeeds if the protocol being checked for is IP or
IPv6 and a "test" that always fails otherwise. (We originally did
"gen_true()" if the protocol is IP, and bogusly generated code to check
the field at an offset of -1 otherwise; a subsequent change caused us
always to do "gen_true()", but that doesn't properly handle attempts to
check for other protocols - those attempts should generate code that
always fails, meaning that if you try to look for ARP packets in such a
capture the BPF compiler will return "expression rejects all packets" as
an error - and still generated extra code not all of which was removed
by the optimizer. The current code generates no *more* BPF code.)
Add "stp", which checks for the LLC SAP for the Spanning Tree Protocol.
#5228, to correctly check for Appletalk for EtherTalk phase II - they
use 802.3 with LLC SNAP packets, rather than D/I/X Ethernet packets.
His patch made "atalk" check for Appletalk ARP as well as other
Appletalk packets; I've instead added a separate "aarp" packet type,
leaving "atalk" checking only for ETHERTYPE_ATALK, so you can check for
ETHERTYPE_ATALK, ETHERTYPE_AARP, or both.
letting you filter based on the VLAN to which a packet belongs, and an
improvement to the printing of VLAN packets (adding an extra space to
separate the VLAN priority and flags from the next stuff printed).
"linux-includes/netinet/if_ether.h" to "ethertype.h", and remove
includes of <netinet/if_ether.h> from files that only include it to get
ETHERTYPE_ values defined.
./configure --enable-ipv6 (requires getaddrinfo(3) and getnameinfo(3)).
TODO: make it work even without getaddrinfo(3) or getnameinfo(3)
(or, tcpdump/configure.in should provide alternative version by
AC_REPLACE_FUNCS)
TODO: make IPv6 filtering code work by default
TODO: make "protochain" friendly with optimization
guy